Skip to content

v2.24.0

Choose a tag to compare

View all tags
@github-actions github-actions released this 27 Feb 11:14
· 50 commits to master since this release
v2.24.0
271492b
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Changelog

  • 271492b fix: G704 false positive on const URL (#1551)
  • 1341aea fix(G705): eliminate false positive for non-HTTP io.Writer (#1550)
  • f2262c8 G120: avoid false positive when MaxBytesReader is applied in middleware (#1547)
  • 5b580c7 Fix G602 regression coverage for issue #1545 and stabilize G117 TOML test dependency (#1546)
  • eba2d15 taint: skip context.Context arguments during taint propagation to fix false positives (#1543)
  • a6381c1 test: add missing rules to formatter report tests (#1540)
  • fea9725 chore(deps): update all dependencies (#1541)
  • f3e2fac Regenrate the TLS config rule (#1539)
  • 200461f Improve documentation (#1538)
  • 078a62a Expand analyzer-core test coverage for orchestration, go/analysis adapter logic, and taint integration (#1537)
  • ffdc620 Add unit tests for CLI orchestration, TLS config generation, and SSA cache behavior (#1536)
  • c13a486 Add G707 taint analyzer for SMTP command/header injection (#1535)
  • f61ed31 Add G123 analyzer for tls.VerifyPeerCertificate resumption bypass risk (#1534)
  • b568aa1 Add G122 SSA analyzer for filepath.Walk/WalkDir symlink TOCTOU race risks (#1532)
  • 1735e5a fix(G602): avoid false positives for range-over-array indexing (#1531)
  • caf93d0 Improve taint analyzer performance with shared SSA cache, parallel analyzer execution, and CI regression guard (#1530)
  • bd11fbe fix: taint analysis false positives with G703,G705 (#1522)
  • e34e8dd Extend the G117 rule to cover other types of serialization such as yaml/xml/toml (#1529)
  • b940702 Fix the G117 rule to take the JSON serialization into account (#1528)
  • 4f84627 (docs) fix justification format (#1524)
  • 36ba72b Add G121 analyzer for unsafe CORS bypass patterns in CrossOriginProtection (#1521)
  • 238f982 Add G120 SSA analyzer for unbounded form parsing in HTTP handlers (#1520)
  • 89cde27 Add G119 analyzer for unsafe redirect header propagation in CheckRedirect callbacks (#1519)
  • 14fdd9c Fix G115 false positives and negatives (Issue #1501) (#1518)
  • cec54ec chore(deps): update all dependencies (#1517)
  • 2b2077e Add G118 SSA analyzer for context propagation failures that can cause goroutine/resource leaks (#1516)
  • a7666f3 Add G113: Detect HTTP Request Smuggling via conflicting headers (CVE-2025-22891, CWE-444) (#1515)
  • 47f8b52 Add G408: SSH PublicKeyCallback Authentication Bypass Analyzer (#1513)
  • 4f1f362 Add more unit tests to improve coverage (#1512)
  • 9344582 Improve test coverage in various areas (#1511)
  • 8d1b2c6 Imprve the test coverage (#1510)
  • 993c1c4 Fix incorrect detection of fixed iv in G407 (#1509)
  • 8668b74 Add support for go 1.26.x and removed support for go 1.24.x (#1508)
  • 514225c Fix the sonar report to follow the latest schema (#1507)
  • 000384e fix: broken taint analysis causing false positives (#1506)
  • 616192c fix: panic on float constants in overflow analyzer (#1505)
  • 79956a3 fix: panic when scanning multi-module repos from root (#1504)
  • 5736e8b fix: G602 false positive for array element access (#1499)
  • 1b7e1e9 Update gosec to version v2.23.0 in the Github action (#1496)
Assets 21
Loading